On Friday 24 April 2009 12.27.50 you wrote:
> On Fri, Apr 24, 2009 at 3:38 AM, LEVAI Daniel <l...@ecentrum.hu> wrote:
> > On Friday 24 April 2009 09.28.34 you wrote:
> >> omg we have finger print reader support??? !
> >>
> >> I installed the port and I'm playing with it. Can you post your full
> >> config? The login_fingerprint docs are short on the troubleshooting. I
> >> can enroll my fingers and I've got su asking me for finger swipes but
> >> whenever I do it says "invalid swipe" or "login incorrect".
> >
> > You need to enroll_fingerprint(8) as the target (root) user too, so root
> > will have a ~/.fprint directory too.
>
> When I say "su" I actually meant I'm running "su $USER".
Then you must run enroll_fingerprint as $USER, to make the
$USER_HOMEDIR/.fprint/ directory and the corresponding files.
>
> >> I see the same result as you with sudo. Annoying. Sudo must not be
> >> feeding it correctly right, but perhaps login_fingerprint is expecting
> >> wrongly.
> >>
> >> It would be a neat gimmick if we could get this working!
> >
> > I just followed /usr/local/share/doc/login_fingerprint/README:
> > $ enroll_fingerprint -f 7
> > It has populated a ~/.fprint/ dir with the scanned fingerprint, and after
> > the login.conf modify I could login on the console and do `su`. Only sudo
> > seems to need the '-apasswd' option to force it to use the passwd auth
> > type instead of the -fingerprint type. But grepping thru sudo's source I
> > couldn't find this error message anywhere :\
> >
> > My modifications in login.conf is only the following:
> > --- /var/backups/etc_login.conf.backup Thu Apr 16 16:06:00 2009
> > +++ /etc/login.conf Thu Apr 23 17:15:23 2009
> > @@ -23,7 +23,8 @@
> > #
> >
> > # Default allowed authentication styles
> > -auth-defaults:auth=passwd,skey:
> > +auth-defaults:auth=-fingerprint,passwd,skey:\
> > + :x-fingerprint=7:
> >
> > # Default allowed authentication styles for authentication type ftp
> > auth-ftp-defaults:auth-ftp=passwd:
>
> I followed the README too but it told me to add this:
> #
> # The fingerprint login class allows the fingerprint and passwd
> # authentication methods and checks your 7th (right index) finger.
> #
>
> fingerprint:
> :auth=-fingerprint,passwd:\
> :x-fingerprint=7:\
> :tc=default:
>
I've done the same thing except I've added this to the default class, so I
don't have to change the already made classes (which are
including "auth-defaults").
> and I had to do "sudo usermod -L fingerprint $USER" to get "su $USER"
> to start asking me to swipe. Do we maybe have different versions (I
> should probably shyly mention here that I'm on -CURRENT right now)?
I'm using -current too, but in this case it doesn't matter; the login classes
we use are not the same, but that's all.
> Why are we writing "-fingerprint" instead of "fingerprint"?
> login.conf(8) is hazy on what this means. It doesn't seem to matter
> espcially which is chosen.
man login.conf:
Local authentication styles may be added by creating a login script for
the style (see below). To prevent collisions with future official BSD
Authentication style names, all local style names should start with a
dash (-).
^^^ That is why the -fingerprint; also:
# ls -l /usr/libexec/auth/
[...]
login_-fingerprint
[...]
> I suspect my problem is a driver issue. I have a 1600 chip (as linux
> tells me... dunno why OpenBSD) but the driver is written for 1610
> chips. Until I can at least use su with my finger I'm not sure I can
> help you.
What does `ls -lR /home/$USER/.fprint/` tells you? Do you have the proper
scanned fingerprints there? Do you have the $USER in the fingerprint class
(if you've followed the README file with login_fingerprint)?
Daniel
--
LIVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
